Popular skeptic site hacked, private user details stolen

Sometime over the last few days, the Skeptical Science website has been hacked. The hacker has taken much or all of the Skeptical Science database, zipped various excerpts into a single file, uploaded the file onto a Russian website then linked to the zip file from various blogs. While we are still attempting to verify the authenticity of the file, initial scans seem to indicate the hacker has included the entire database of Skeptical Science users. Access to the full database (which includes private details) is restricted only to myself and I am the only one with access to all of the raw data – this fact alone indicates that this breach of privacy came in the form of an external hack rather than from within Skeptical Science itself.

Of great concern is the fact that the hacker has published personal details such as emails and IP addresses of each user.

I wouldn’t be too quick to accuse this of being a targeted attack. I work in computer security, and hacks like this are unbelievably common and most of the time they are entirely opportunistic. Usually they are criminals looking for known-good email addresses to spam or credit card numbers to abuse.

If you used the same password on Skeptical Science that you use elsewhere, you should change it everywhere ASAP. And don’t do that going forward – use a different password on every website, and use a piece of software like 1Password or KeePass to manage them.